[arch-general] gnupg 2.1 not stable

Ido Rosen ido at kernel.org
Wed Dec 17 14:03:31 UTC 2014


>From gnupg.org:
"2.0.26 is the stable version suggested for most users,
2.1.1 is the brand-new modern version with support for ECC and many
other new features,
and 1.4.18 is the classic portable version."

The 2.1 series of gnupg is not stable, it still has many major bugs,
not the least of which is backwards compatibility with various key
sizes previously supported (introduced by the new gpg to gpg-agent IPC
layer restrictions).  On the gnupg-devel mailing list I've seen a few
potentially serious security issues with it.

Given that it's not marked as stable upstream, and that it's such a
critical core component of Arch's infrastructure, I find it
questionable for Arch to have upgraded so soon.  In the future, can we
avoid upgrading gnupg proper to non-stable releases?  Instead, how
about creating a gpg21 or gpg-modern package would be appropriate for
those wishing to try the unstable version and then updating the gnupg
package once that branch gets marked stable?


More information about the arch-general mailing list